Linux源码包编译安装OpenVPN

Posted 白-胖-子

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Linux源码包编译安装OpenVPN相关的知识,希望对你有一定的参考价值。

Installation instructions for OpenVPN, a Secure Tunneling Daemon

快速安装:

Unix:

./configure && make && make install

下载不同版本的 OpenVPN 源码:

https://openvpn.net/community-downloads/

  • Ubuntu 可用的OpenVPN Debian/RPM packages:

    https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos

  • OpenVPN 开发版:

    https://github.com/OpenVPN/openvpn
    https://gitlab.com/OpenVPN/openvpn
    https://sourceforge.net/p/openvpn/openvpn/ci/master/tree/

这些货都在实时同步中.

下载 easy-rsa :

https://github.com/OpenVPN/easy-rsa

下载 tap-windows (NDIS 6) 驱动源码:

https://github.com/OpenVPN/tap-windows6

下载 开发环境 :

https://github.com/OpenVPN/openvpn-build

步骤实例 :

https://community.openvpn.net/openvpn/wiki/GettingStartedwithOVPN
https://community.openvpn.net/openvpn/wiki
https://openvpn.net/community-resources/

同样,你可以查man帮助.

支持的操作系统 :

(1) Linux (kernel 2.6+)
(2) Solaris
(3) OpenBSD 5.1+
(4) Mac OS X Darwin 10.5+
(5) FreeBSD 7.4+
(6) NetBSD 5.0+
(7) Windows Vista or later for OpenVPN 2.4
(8) Windows XP or later for OpenVPN 2.3

支持的CPU架构:

包括 Intel x86, Alpha, Sparc, Amd64, and ARM.

安装需求:

(1) TUN and/or TAP 驱动
(2) OpenSSL library,必须高于 version 1.0.2
(3) mbed TLS library, 必须高于 version 2.0 https://tls.mbed.org/

从tar包解压后快速安装:

./configure
make
make install

源码仓库检查后安装:

autoreconf -i -v -f
./configure
make
make install

源码仓库检查后创建一个tar包:

autoreconf -i -v -f
./configure
make distcheck

检查测试 (在编译之后):

make check ## (Run all tests below)

测试加密功能:

./openvpn --genkey secret key
./openvpn --test-crypto --secret key

测试 SSL/TLS 协商 (跑2分钟):

./openvpn --config sample/sample-config-files/loopback-client # (在一个终端)
./openvpn --config sample/sample-config-files/loopback-server # (在另外一个终端)

./configure脚本的选项:

  --disable-lzo           禁用 LZO 压缩支持 [default=yes]
  --disable-lz4           禁用 LZ4 压缩支持
  --enable-comp-stub      Don't compile compression support but still allow limited interoperability with compression-enabled peers
  --disable-crypto        disable crypto support [default=yes]
  --disable-ofb-cfb       disable support for OFB and CFB cipher modes
                          [default=yes]
  --enable-x509-alt-username
                          enable the --x509-username-field feature
                          [default=no]
  --disable-server        disable server support only (but retain client
                          support) [default=yes]
  --disable-plugins       disable plug-in support [default=yes]
  --disable-management    disable management server support [default=yes]
  --enable-pkcs11         enable pkcs11 support [default=no]
  --disable-fragment      disable internal fragmentation support (--fragment)
                          [default=yes]
  --disable-multihome     disable multi-homed UDP server support (--multihome)
                          [default=yes]
  --disable-port-share    disable TCP server port-share support (--port-share)
                          [default=yes]
  --disable-debug         disable debugging support (disable gremlin and verb
                          7+ messages) [default=yes]
  --enable-small          enable smaller executable size (disable OCC, usage
                          message, and verb 4 parm list) [default=no]
  --enable-iproute2       enable support for iproute2 [default=no]
  --disable-def-auth      disable deferred authentication [default=yes]
  --disable-pf            disable internal packet filter [default=yes]
  --disable-plugin-auth-pam
                          disable auth-pam plugin [default=platform specific]
  --disable-plugin-down-root
                          disable down-root plugin [default=platform specific]
  --enable-pam-dlopen     dlopen libpam [default=no]
  --enable-strict         enable strict compiler warnings (debugging option)
                          [default=no]
  --enable-pedantic       enable pedantic compiler warnings, will not generate
                          a working executable (debugging option) [default=no]
  --enable-werror         promote compiler warnings to errors, will cause
                          builds to fail if the compiler issues warnings
                          (debugging option) [default=no]
  --enable-strict-options enable strict options check between peers (debugging
                          option) [default=no]
  --enable-selinux        enable SELinux support [default=no]
  --enable-systemd        enable systemd support [default=no]
  --enable-async-push     enable async-push support for plugins providing
                          deferred authentication [default=no]

./configure环境变量设置:

 PLUGINDIR   Path of plug-in directory [default=LIBDIR/openvpn/plugins]
  IFCONFIG    full path to ipconfig utility
  ROUTE       full path to route utility
  IPROUTE     full path to ip utility
  NETSTAT     path to netstat utility
  GIT         path to git utility
  SYSTEMD_ASK_PASSWORD
              path to systemd-ask-password utility
  SYSTEMD_UNIT_DIR
              Path of systemd unit directory [default=LIBDIR/systemd/system]
  TMPFILES_DIR
              Path of tmpfiles directory [default=LIBDIR/tmpfiles.d]
  RST2MAN     Path to rst2man utility
  RST2html    Path to rst2html utility

环境变量依赖关系

  TAP_CFLAGS  C compiler flags for tap
  LIBPAM_CFLAGS
              C compiler flags for libpam
  LIBPAM_LIBS linker flags for libpam
  PKCS11_HELPER_CFLAGS
              C compiler flags for PKCS11_HELPER, overriding pkg-config
  PKCS11_HELPER_LIBS
              linker flags for PKCS11_HELPER, overriding pkg-config
  OPENSSL_CFLAGS
              C compiler flags for OpenSSL
  OPENSSL_LIBS
              linker flags for OpenSSL
  MBEDTLS_CFLAGS
              C compiler flags for mbedtls
  MBEDTLS_LIBS
              linker flags for mbedtls
  LZO_CFLAGS  C compiler flags for lzo
  LZO_LIBS    linker flags for lzo
  LZ4_CFLAGS  C compiler flags for lz4
  LZ4_LIBS    linker flags for lz4
  libsystemd_CFLAGS
              C compiler flags for libsystemd, overriding pkg-config
  libsystemd_LIBS
              linker flags for libsystemd, overriding pkg-config
  P11KIT_CFLAGS
              C compiler flags for P11KIT, overriding pkg-config
  P11KIT_LIBS linker flags for P11KIT, overriding pkg-config

Linux 发布包:

不同的系统有不同的发布包.

更多的信息:

  • Arch Linux
    https://www.archlinux.org/packages/?name=openvpn

  • Debian
    https://packages.debian.org/search?keywords=openvpn&searchon=names
    https://tracker.debian.org/pkg/openvpn

  • Fedora / Fedora EPEL (Red Hat Enterprise Linux/CentOS/Scientific Linux)
    https://apps.fedoraproject.org/packages/openvpn/overview/
    https://src.fedoraproject.org/rpms/openvpn

  • Gentoo
    https://packages.gentoo.org/packages/net-vpn/openvpn
    https://gitweb.gentoo.org/repo/gentoo.git/tree/net-vpn/openvpn

  • openSUSE
    https://build.opensuse.org/package/show/network:vpn/openvpn

  • Ubuntu
    https://packages.ubuntu.com/search?keywords=openvpn

OpenVPN 项目为Debian and Ubuntu提供最好的APT 仓库:

https://community.openvpn.net/openvpn/wiki/OpenvpnSoftwareRepos

TUN/TAP 驱动配置:

  • Linux 2.6 or higher (with integrated TUN/TAP driver):

    (1) load driver: modprobe tun
    (2) enable routing: echo 1 > /proc/sys/net/ipv4/ip_forward

以上是关于Linux源码包编译安装OpenVPN的主要内容,如果未能解决你的问题,请参考以下文章

18Linux源码包安装详解

源码编译安装

Linux中源码包安装

Linux软件安装管理

源码编译安装

httpd源码编译安装